📦 Skill Scanner — Security Scanning

v0.1.2

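Before installing Clawdbot or MCP skills locally, scan them in one step for malware, spyware, crypto-miners, backdoors and obfuscated code, locate data-exfiltration and system-tampering risks, and get a security audit for AI skills.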

Last updated: 2026/2/27
Security scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Assessment recommendation
This package appears to implement a local static scanner and a Streamlit UI that scans only the files you provide. Before installing or running it, do the following: 1) Verify the source/author — the registry metadata shows no homepage and the origin is unknown; prefer code from a trusted repo. 2) Inspect the full skill_scanner.py and streamlit_ui.py (the provided copy was truncated in places) to confirm there is no hidden behavior (network calls, code execution, auto-update). 3) Do not point th...
Detailed analysis
Purpose and capability
Name/description match the code: this is a local static scanner that searches files for malicious patterns and offers a Streamlit UI. It does not request credentials or binaries unrelated to its purpose. However the skill's origin is unknown (no homepage) and README suggests cloning from a GitHub repo; validate the upstream source before installing.
Instruction scope
Runtime instructions and code limit activity to reading the target skill folder (or uploaded files) and producing a report; the scanner performs regex-based pattern matching and the Streamlit UI writes uploaded files to a temporary directory for scanning. It does not appear to execute scanned code or access system credential files directly. Still, the SKILL.md/README emphasize scanning for access to credential paths (they detect strings like '~/.ssh' in code) — ensure you do not point the scanner at real secret stores, and avoid uploading sensitive files to the web UI.
Install mechanism
No install spec provided (instruction-only skill with included Python files). That is low-risk from an install perspective — nothing is downloaded or extracted by an automated installer. The Streamlit UI is optional and requires you to pip-install streamlit yourself.
Credential requirements
The skill requests no environment variables or credentials. The scanner flags patterns that would indicate credential/file access in scanned code, but the scanner itself does not request or require secrets.
Persistence and privileges
always=false and the skill does not request persistent system changes. The code writes uploaded content to a temporary directory only and does not modify other skills or system configuration according to the reviewed files.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest · v0.1.2 · 2026/1/29

Benign

Install command

Official: npx clawhub@latest install skill-scanner
Mirror (accelerated): npx clawhub@latest install skill-scanner --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库